Implement password and password-less logins

Learn how to design login flows, manage sessions safely, and integrate with third-party identity providers. Additionally, we look at common attack vectors — from phishing and credential stuffing to session hijacking — and learn how to defend against them.

On the web, knowing who you’re communicating with is fundamental to security. When your server receives a request, how can you be sure who sent it? Traditionally, this has been handled with passwords.

If someone knows the right password, we assume they are who they claim to be. But today, this is no longer enough. Passwords are fragile. They can be guessed, stolen, leaked, or phished. And in most systems, they represent the weakest link.

Going forward, secure systems should avoid passwords where possible. In practice, though, we often have to maintain existing systems or support specific hardware requirements, so we will look at passwords as well.

Thankfully, we now have the tools to build password-less authentication too, using passkeys, the WebAuthn API, and the Web Crypto API, all of which are supported in modern web browsers.

What you’ll learn

  1. Password & Hashing
    Why storing passwords in plain text is fatal, what salted hashing is, and how to use secure password hashing algorithms like bcrypt.

  2. Authentication Flows
    Classic username/password logins, password-less login, and permissions based on signed tokens.

  3. Session Management
    Cookies, tokens, and best practices for persistent state on the web.

  4. Modern Password-less Alternatives
    The Web Crypto API and the move away from passwords.

Who is this course for?

This course is intended for people who already know the fundamentals of programming on the web. You should feel comfortable working with JavaScript.

Outcome

By the end of this course, you’ll understand security fundamentals behind logins and user accounts, and you’ll build a complete, functional app with access control that protects users.

Included with purchase
  • Written guides with examples / code snippets
  • GitHub repo with source code
  • Access to a private Discord server for questions

Take this course for $41 or get all 4 courses for $150.
